From fb1ef7c6d6baa6a794cf56f8ee18971f96237039 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 10 Mar 2023 09:36:32 +0530 Subject: [PATCH 1/4] esp32h2: enable memory protection scheme using PMA and PMP Closes IDF-6452 --- .../port/esp32h2/cpu_region_protect.c | 206 +++++++++++++----- .../esp32h2/include/soc/Kconfig.soc_caps.in | 8 + components/soc/esp32h2/include/soc/soc_caps.h | 3 + 3 files changed, 163 insertions(+), 54 deletions(-) diff --git a/components/esp_hw_support/port/esp32h2/cpu_region_protect.c b/components/esp_hw_support/port/esp32h2/cpu_region_protect.c index e006547c73..cfe2d66837 100644 --- a/components/esp_hw_support/port/esp32h2/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32h2/cpu_region_protect.c @@ -10,83 +10,181 @@ #include "esp_cpu.h" #include "esp_fault.h" -// ESP32H2-TODO: IDF-6452 +#ifdef BOOTLOADER_BUILD +// Without L bit set +#define CONDITIONAL_NONE 0x0 +#define CONDITIONAL_RX PMP_R | PMP_X +#define CONDITIONAL_RW PMP_R | PMP_W +#define CONDITIONAL_RWX PMP_R | PMP_W | PMP_X +#else +// With L bit set +#define CONDITIONAL_NONE NONE +#define CONDITIONAL_RX RX +#define CONDITIONAL_RW RW +#define CONDITIONAL_RWX RWX +#endif + +static void esp_cpu_configure_invalid_regions(void) +{ + const unsigned PMA_NONE = PMA_L | PMA_EN; + __attribute__((unused)) const unsigned PMA_RW = PMA_L | PMA_EN | PMA_R | PMA_W; + __attribute__((unused)) const unsigned PMA_RX = PMA_L | PMA_EN | PMA_R | PMA_X; + __attribute__((unused)) const unsigned PMA_RWX = PMA_L | PMA_EN | PMA_R | PMA_W | PMA_X; + + // 1. Gap at bottom of address space + PMA_ENTRY_SET_TOR(0, SOC_DEBUG_LOW, PMA_TOR | PMA_NONE); + + // 2. Gap between debug region & IROM + PMA_ENTRY_SET_TOR(1, SOC_DEBUG_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(2, SOC_IROM_MASK_LOW, PMA_TOR | PMA_NONE); + + // 3. Gap between ROM & RAM + PMA_ENTRY_SET_TOR(3, SOC_DROM_MASK_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(4, SOC_IRAM_LOW, PMA_TOR | PMA_NONE); + + // 4. Gap between DRAM and I_Cache + PMA_ENTRY_SET_TOR(5, SOC_IRAM_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(6, SOC_IROM_LOW, PMA_TOR | PMA_NONE); + + // 5. Gap between D_Cache & LP_RAM + PMA_ENTRY_SET_TOR(7, SOC_DROM_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(8, SOC_RTC_IRAM_LOW, PMA_TOR | PMA_NONE); + + // 6. Gap between LP memory & peripheral addresses + PMA_ENTRY_SET_TOR(9, SOC_RTC_IRAM_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(10, SOC_PERIPHERAL_LOW, PMA_TOR | PMA_NONE); + + // 7. End of address space + PMA_ENTRY_SET_TOR(11, SOC_PERIPHERAL_HIGH, PMA_NONE); + PMA_ENTRY_SET_TOR(12, UINT32_MAX, PMA_TOR | PMA_NONE); +} + void esp_cpu_configure_region_protection(void) { /* Notes on implementation: * * 1) Note: ESP32-H2 CPU doesn't support overlapping PMP regions * - * 2) Therefore, we use TOR (top of range) entries to map the whole address - * space, bottom to top. + * 2) ESP32-H2 supports 16 PMA regions so we use this feature to block all the invalid address ranges * - * 3) There are not enough entries to describe all the memory regions 100% accurately. + * 3) We use combination of NAPOT (Naturally Aligned Power Of Two) and TOR (top of range) + * entries to map all the valid address space, bottom to top. This leaves us with some extra PMP entries + * which can be used to provide more granular access * - * 4) This means some gaps (invalid memory) are accessible. Priority for extending regions - * to cover gaps is to extend read-only or read-execute regions or read-only regions only - * (executing unmapped addresses should always fault with invalid instruction, read-only means - * stores will correctly fault even if reads may return some invalid value.) - * - * 5) Entries are grouped in order with some static asserts to try and verify everything is + * 4) Entries are grouped in order with some static asserts to try and verify everything is * correct. */ - const unsigned NONE = PMP_L | PMP_TOR; - const unsigned RW = PMP_L | PMP_TOR | PMP_R | PMP_W; - const unsigned RX = PMP_L | PMP_TOR | PMP_R | PMP_X; - const unsigned RWX = PMP_L | PMP_TOR | PMP_R | PMP_W | PMP_X; - // 1. Gap at bottom of address space - PMP_ENTRY_SET(0, SOC_DEBUG_LOW, NONE); + /* There are 4 configuration scenarios for SRAM + * + * 1. Bootloader build: + * - We cannot set the lock bit as we need to reconfigure it again for the application. + * We configure PMP to cover entire valid IRAM and DRAM range. + * + * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled + * - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to + * and DRAM region cannot be executed. We use _iram_end and _data_start markers to set the boundaries. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + * + * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled + * - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful + * so for that we set PMP to cover entire valid IRAM and DRAM region. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + * + * 4. CPU is in OCD debug mode + * - The IRAM-DRAM split is not enabled so that OpenOCD can write and execute from IRAM. + * We set PMP to cover entire valid IRAM and DRAM region. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + */ + const unsigned NONE = PMP_L; + const unsigned R = PMP_L | PMP_R; + const unsigned RW = PMP_L | PMP_R | PMP_W; + const unsigned RX = PMP_L | PMP_R | PMP_X; + const unsigned RWX = PMP_L | PMP_R | PMP_W | PMP_X; - // 2. Debug region - PMP_ENTRY_SET(1, SOC_DEBUG_HIGH, RWX); + // + // Configure all the invalid address regions using PMA + // + esp_cpu_configure_invalid_regions(); + + // + // Configure all the valid address regions using PMP + // + + // 1. Debug region + const uint32_t pmpaddr0 = PMPADDR_NAPOT(SOC_DEBUG_LOW, SOC_DEBUG_HIGH); + PMP_ENTRY_SET(0, pmpaddr0, PMP_NAPOT | RWX); _Static_assert(SOC_DEBUG_LOW < SOC_DEBUG_HIGH, "Invalid CPU debug region"); - // 3. Gap between debug region & IROM - PMP_ENTRY_SET(2, SOC_IROM_MASK_LOW, NONE); - _Static_assert(SOC_DEBUG_HIGH < SOC_IROM_MASK_LOW, "Invalid PMP entry order"); + // 2.1 I-ROM + PMP_ENTRY_SET(1, SOC_IROM_MASK_LOW, NONE); + PMP_ENTRY_SET(2, SOC_IROM_MASK_HIGH, PMP_TOR | RX); + _Static_assert(SOC_IROM_MASK_LOW < SOC_IROM_MASK_HIGH, "Invalid I-ROM region"); - // 4. ROM - PMP_ENTRY_SET(3, SOC_DROM_MASK_HIGH, RX); - _Static_assert(SOC_IROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid ROM region"); + // 2.2 D-ROM + PMP_ENTRY_SET(3, SOC_DROM_MASK_LOW, NONE); + PMP_ENTRY_SET(4, SOC_DROM_MASK_HIGH, PMP_TOR | R); + _Static_assert(SOC_DROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid D-ROM region"); - // 5. Gap between ROM & RAM - PMP_ENTRY_SET(4, SOC_IRAM_LOW, NONE); - _Static_assert(SOC_DROM_MASK_HIGH < SOC_IRAM_LOW, "Invalid PMP entry order"); + if (esp_cpu_dbgr_is_attached()) { + // Anti-FI check that cpu is really in ocd mode + ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached()); - // 6. RAM - PMP_ENTRY_SET(5, SOC_IRAM_HIGH, RWX); - _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); + // 5. IRAM and DRAM + PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | RWX); + _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); + } else { +#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD + extern int _iram_end; + // 5. IRAM and DRAM + /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits + * Bootloader might have given extra permissions and those won't be cleared + */ + PMP_ENTRY_CFG_RESET(5); + PMP_ENTRY_CFG_RESET(6); + PMP_ENTRY_CFG_RESET(7); + PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(6, (int)&_iram_end, PMP_TOR | RX); + PMP_ENTRY_SET(7, SOC_DRAM_HIGH, PMP_TOR | RW); +#else + // 5. IRAM and DRAM + PMP_ENTRY_SET(5, SOC_IRAM_LOW, CONDITIONAL_NONE); + PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | CONDITIONAL_RWX); + _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); +#endif + } - // 7. Gap between DRAM and I_Cache - PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE); - _Static_assert(SOC_IRAM_HIGH < SOC_IROM_LOW, "Invalid PMP entry order"); - - // 8. I_Cache (flash) - PMP_ENTRY_SET(7, SOC_IROM_HIGH, RWX); + // 4. I_Cache (flash) + const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); + PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | RX); _Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I_Cache region"); - // 9. D_Cache (flash) - PMP_ENTRY_SET(8, SOC_DROM_HIGH, RW); + // 5. D_Cache (flash) + const uint32_t pmpaddr9 = PMPADDR_NAPOT(SOC_DROM_LOW, SOC_DROM_HIGH); + PMP_ENTRY_SET(9, pmpaddr9, PMP_NAPOT | R); _Static_assert(SOC_DROM_LOW < SOC_DROM_HIGH, "Invalid D_Cache region"); - // 10. Gap between D_Cache & LP_RAM - PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE); - _Static_assert(SOC_DROM_HIGH < SOC_RTC_IRAM_LOW, "Invalid PMP entry order"); - - // 16. LP memory - PMP_ENTRY_SET(10, SOC_RTC_IRAM_HIGH, RWX); + // 6. LP memory +#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD + extern int _rtc_text_end; + /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits + * Bootloader might have given extra permissions and those won't be cleared + */ + PMP_ENTRY_CFG_RESET(10); + PMP_ENTRY_CFG_RESET(11); + PMP_ENTRY_CFG_RESET(12); + PMP_ENTRY_SET(10, SOC_RTC_IRAM_LOW, NONE); + PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); +#else + const uint32_t pmpaddr10 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); + PMP_ENTRY_SET(10, pmpaddr10, PMP_NAPOT | CONDITIONAL_RWX); _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region"); +#endif - // 17. Gap between LP memory & peripheral addresses - PMP_ENTRY_SET(11, SOC_PERIPHERAL_LOW, NONE); - _Static_assert(SOC_RTC_IRAM_HIGH < SOC_PERIPHERAL_LOW, "Invalid PMP entry order"); - - // 18. Peripheral addresses - PMP_ENTRY_SET(12, SOC_PERIPHERAL_HIGH, RW); + // 7. Peripheral addresses + const uint32_t pmpaddr13 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); + PMP_ENTRY_SET(13, pmpaddr13, PMP_NAPOT | RW); _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region"); - - // 19. End of address space - PMP_ENTRY_SET(13, UINT32_MAX, NONE); // all but last 4 bytes - PMP_ENTRY_SET(14, UINT32_MAX, PMP_L | PMP_NA4); // last 4 bytes } diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index d342077dd8..b565f90969 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -307,6 +307,14 @@ config SOC_CPU_WATCHPOINT_SIZE hex default 0x80000000 +config SOC_CPU_HAS_PMA + bool + default y + +config SOC_CPU_IDRAM_SPLIT_USING_PMP + bool + default y + config SOC_MMU_PAGE_SIZE_CONFIGURABLE bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index abb72b6a14..deefa9d2a6 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -134,6 +134,9 @@ #define SOC_CPU_WATCHPOINTS_NUM 4 #define SOC_CPU_WATCHPOINT_SIZE 0x80000000 // bytes +#define SOC_CPU_HAS_PMA 1 +#define SOC_CPU_IDRAM_SPLIT_USING_PMP 1 + /*-------------------------- MMU CAPS ----------------------------------------*/ #define SOC_MMU_PAGE_SIZE_CONFIGURABLE (1) #define SOC_MMU_PERIPH_NUM (1U) From b29ed0ba0b6cad358c757ada912eae464252d2e3 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 10 Mar 2023 09:38:40 +0530 Subject: [PATCH 2/4] test_apps: enable memprot tests for ESP32-H2 target --- components/soc/esp32h2/include/soc/soc.h | 3 +++ tools/test_apps/.build-test-rules.yml | 2 +- tools/test_apps/system/panic/pytest_panic.py | 24 ++++++++++--------- .../system/panic/sdkconfig.ci.memprot_esp32h2 | 8 +++++++ 4 files changed, 25 insertions(+), 12 deletions(-) create mode 100644 tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2 diff --git a/components/soc/esp32h2/include/soc/soc.h b/components/soc/esp32h2/include/soc/soc.h index 2b61061dcc..5a95925d27 100644 --- a/components/soc/esp32h2/include/soc/soc.h +++ b/components/soc/esp32h2/include/soc/soc.h @@ -176,6 +176,9 @@ #define SOC_DIRAM_DRAM_LOW 0x40800000 #define SOC_DIRAM_DRAM_HIGH 0x40850000 +#define MAP_DRAM_TO_IRAM(addr) (addr) +#define MAP_IRAM_TO_DRAM(addr) (addr) + // Region of memory accessible via DMA. See esp_ptr_dma_capable(). #define SOC_DMA_LOW 0x40800000 #define SOC_DMA_HIGH 0x40850000 diff --git a/tools/test_apps/.build-test-rules.yml b/tools/test_apps/.build-test-rules.yml index 4f90e9521a..d2cf4dac7a 100644 --- a/tools/test_apps/.build-test-rules.yml +++ b/tools/test_apps/.build-test-rules.yml @@ -161,7 +161,7 @@ tools/test_apps/system/panic: enable: - if: INCLUDE_DEFAULT == 1 or IDF_TARGET == "esp32h4" disable_test: - - if: IDF_TARGET not in ["esp32", "esp32s2", "esp32c3", "esp32s3", "esp32c2", "esp32c6"] + - if: IDF_TARGET not in ["esp32", "esp32s2", "esp32c3", "esp32s3", "esp32c2", "esp32c6", "esp32h2"] temporary: true reason: test app not ported to this target yet diff --git a/tools/test_apps/system/panic/pytest_panic.py b/tools/test_apps/system/panic/pytest_panic.py index 005b96e69e..420d0d26fb 100644 --- a/tools/test_apps/system/panic/pytest_panic.py +++ b/tools/test_apps/system/panic/pytest_panic.py @@ -480,12 +480,13 @@ def test_panic_delay(dut: PanicTestDut) -> None: ######################### # Memprot-related tests are supported only on targets with PMS/PMA peripheral; -# currently ESP32-S2, ESP32-C3, ESP32-C2, and ESP32-C6 are supported +# currently ESP32-S2, ESP32-C3, ESP32-C2, ESP32-H2 and ESP32-C6 are supported CONFIGS_MEMPROT_IDRAM = [ pytest.param('memprot_esp32s2', marks=[pytest.mark.esp32s2]), pytest.param('memprot_esp32c3', marks=[pytest.mark.esp32c3]), pytest.param('memprot_esp32c2', marks=[pytest.mark.esp32c2]), - pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]) + pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]), + pytest.param('memprot_esp32h2', marks=[pytest.mark.esp32h2]) ] CONFIGS_MEMPROT_DCACHE = [ @@ -495,7 +496,8 @@ CONFIGS_MEMPROT_DCACHE = [ CONFIGS_MEMPROT_RTC_FAST_MEM = [ pytest.param('memprot_esp32s2', marks=[pytest.mark.esp32s2]), pytest.param('memprot_esp32c3', marks=[pytest.mark.esp32c3]), - pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]) + pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]), + pytest.param('memprot_esp32h2', marks=[pytest.mark.esp32h2]) ] CONFIGS_MEMPROT_RTC_SLOW_MEM = [ @@ -534,7 +536,7 @@ def test_iram_reg1_write_violation(dut: PanicTestDut, test_func_name: str) -> No dut.expect_backtrace() elif dut.target == 'esp32c3': dut.expect_exact(r'Test error: Test function has returned') - elif dut.target in ['esp32c2', 'esp32c6']: + elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']: dut.expect_gme('Store access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -557,7 +559,7 @@ def test_iram_reg2_write_violation(dut: PanicTestDut, test_func_name: str) -> No dut.expect(r' operation type: (\S+)') dut.expect_reg_dump(0) dut.expect_stack_dump() - elif dut.target in ['esp32c2', 'esp32c6']: + elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']: dut.expect_gme('Store access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -580,7 +582,7 @@ def test_iram_reg3_write_violation(dut: PanicTestDut, test_func_name: str) -> No dut.expect(r' operation type: (\S+)') dut.expect_reg_dump(0) dut.expect_stack_dump() - elif dut.target in ['esp32c2', 'esp32c6']: + elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']: dut.expect_gme('Store access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -605,7 +607,7 @@ def test_iram_reg4_write_violation(dut: PanicTestDut, test_func_name: str) -> No dut.expect(r' operation type: (\S+)') dut.expect_reg_dump(0) dut.expect_stack_dump() - elif dut.target in ['esp32c2', 'esp32c6']: + elif dut.target in ['esp32c2', 'esp32c6', 'eps32h2']: dut.expect_gme('Store access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -623,7 +625,7 @@ def test_dram_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) -> dut.expect(r'Unknown operation at address [0-9xa-f]+ not permitted \((\S+)\)') dut.expect_reg_dump(0) dut.expect_corrupted_backtrace() - elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6']: + elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6', 'esp32h2']: dut.expect_gme('Instruction access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -638,7 +640,7 @@ def test_dram_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> dut.expect_gme('InstructionFetchError') dut.expect_reg_dump(0) dut.expect_corrupted_backtrace() - elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6']: + elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6', 'esp32h2']: dut.expect_gme('Instruction access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() @@ -653,7 +655,7 @@ def test_rtc_fast_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) @pytest.mark.parametrize('config', CONFIGS_MEMPROT_RTC_FAST_MEM, indirect=True) @pytest.mark.generic -@pytest.mark.skipif('config.getvalue("target") == "esp32c6"', reason='Not a violation condition because it does not have PMS peripheral') +@pytest.mark.skipif('config.getvalue("target") in ["esp32c6", "esp32h2"]', reason='Not a violation condition because it does not have PMS peripheral') def test_rtc_fast_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) dut.expect_gme('Memory protection fault') @@ -689,7 +691,7 @@ def test_rtc_fast_reg3_execute_violation(dut: PanicTestDut, test_func_name: str) dut.expect(r' operation type: (\S+)') dut.expect_reg_dump(0) dut.expect_stack_dump() - elif dut.target == 'esp32c6': + elif dut.target in ['esp32c6', 'esp32h2']: dut.expect_gme('Instruction access fault') dut.expect_reg_dump(0) dut.expect_stack_dump() diff --git a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2 b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2 new file mode 100644 index 0000000000..c14d9b8104 --- /dev/null +++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2 @@ -0,0 +1,8 @@ +# Restricting to ESP32H2 +CONFIG_IDF_TARGET="esp32h2" + +# Enabling memory protection +CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y + +# Enable memprot test +CONFIG_TEST_MEMPROT=y From 891df4eff9b2d1c545b3270297bf2492ef63413b Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 10 Mar 2023 10:08:24 +0530 Subject: [PATCH 3/4] Cleanup soc_memprot_types.h for C6/H2 This header is not required as there is no PMS peripheral in C6/H2 Closes IDF-6332 --- .../esp_private/esp_memprot_internal.h | 5 +- .../include/soc/esp32c6/soc_memprot_types.h | 175 ------------------ .../include/soc/esp32h2/soc_memprot_types.h | 24 --- components/soc/esp32c6/include/soc/soc_caps.h | 3 - .../esp32h2/include/soc/Kconfig.soc_caps.in | 8 - components/soc/esp32h2/include/soc/soc_caps.h | 6 - 6 files changed, 4 insertions(+), 217 deletions(-) delete mode 100644 components/esp_hw_support/include/soc/esp32c6/soc_memprot_types.h delete mode 100644 components/esp_hw_support/include/soc/esp32h2/soc_memprot_types.h diff --git a/components/esp_hw_support/include/esp_private/esp_memprot_internal.h b/components/esp_hw_support/include/esp_private/esp_memprot_internal.h index 8a000c1aa8..7240d7ee1c 100644 --- a/components/esp_hw_support/include/esp_private/esp_memprot_internal.h +++ b/components/esp_hw_support/include/esp_private/esp_memprot_internal.h @@ -11,8 +11,11 @@ #include "esp_err.h" #include "esp_memprot_err.h" #include "hal/memprot_types.h" -#include "soc_memprot_types.h" #include "esp_memprot_types.h" +#include "sdkconfig.h" +#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE +#include "soc_memprot_types.h" +#endif #ifdef __cplusplus extern "C" { diff --git a/components/esp_hw_support/include/soc/esp32c6/soc_memprot_types.h b/components/esp_hw_support/include/soc/esp32c6/soc_memprot_types.h deleted file mode 100644 index c45dc31dc9..0000000000 --- a/components/esp_hw_support/include/soc/esp32c6/soc_memprot_types.h +++ /dev/null @@ -1,175 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -////////////////////////////////////////////////////////// -// ESP32-C6 PMS memory protection types -// - -#pragma once - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Memory types recognized by PMS - */ -typedef enum { - MEMPROT_TYPE_NONE = 0x00000000, - MEMPROT_TYPE_IRAM0_SRAM = 0x00000001, - MEMPROT_TYPE_DRAM0_SRAM = 0x00000002, - MEMPROT_TYPE_IRAM0_RTCFAST = 0x00000004, - MEMPROT_TYPE_ALL = 0x7FFFFFFF, - MEMPROT_TYPE_INVALID = 0x80000000, - MEMPROT_TYPE_IRAM0_ANY = MEMPROT_TYPE_IRAM0_SRAM | MEMPROT_TYPE_IRAM0_RTCFAST -} esp_mprot_mem_t; - -/** - * @brief Splitting address (line) type - */ -typedef enum { - MEMPROT_SPLIT_ADDR_NONE = 0x00000000, - MEMPROT_SPLIT_ADDR_IRAM0_DRAM0 = 0x00000001, - MEMPROT_SPLIT_ADDR_IRAM0_LINE_0 = 0x00000002, - MEMPROT_SPLIT_ADDR_IRAM0_LINE_1 = 0x00000004, - MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_0 = 0x00000008, - MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_1 = 0x00000010, - MEMPROT_SPLIT_ADDR_ALL = 0x7FFFFFFF, - MEMPROT_SPLIT_ADDR_INVALID = 0x80000000, - MEMPROT_SPLIT_ADDR_MAIN = MEMPROT_SPLIT_ADDR_IRAM0_DRAM0 -} esp_mprot_split_addr_t; - -/** - * @brief PMS area type (memory space between adjacent splitting addresses or above/below the main splt.address) - */ -typedef enum { - MEMPROT_PMS_AREA_NONE = 0x00000000, - MEMPROT_PMS_AREA_IRAM0_0 = 0x00000001, - MEMPROT_PMS_AREA_IRAM0_1 = 0x00000002, - MEMPROT_PMS_AREA_IRAM0_2 = 0x00000004, - MEMPROT_PMS_AREA_IRAM0_3 = 0x00000008, - MEMPROT_PMS_AREA_DRAM0_0 = 0x00000010, - MEMPROT_PMS_AREA_DRAM0_1 = 0x00000020, - MEMPROT_PMS_AREA_DRAM0_2 = 0x00000040, - MEMPROT_PMS_AREA_DRAM0_3 = 0x00000080, - MEMPROT_PMS_AREA_IRAM0_RTCFAST_LO = 0x00000100, - MEMPROT_PMS_AREA_IRAM0_RTCFAST_HI = 0x00000200, - MEMPROT_PMS_AREA_ALL = 0x7FFFFFFF, - MEMPROT_PMS_AREA_INVALID = 0x80000000 -} esp_mprot_pms_area_t; - -/** -* @brief Memory protection configuration -*/ -typedef struct { - bool invoke_panic_handler; /*!< Register PMS violation interrupt for panic-handling */ - bool lock_feature; /*!< Lock all PMS settings */ - void *split_addr; /*!< Main I/D splitting address */ - uint32_t mem_type_mask; /*!< Memory types required to protect. See esp_mprot_mem_t enum */ -} esp_memp_config_t; - -#define ESP_MEMPROT_DEFAULT_CONFIG() { \ - .invoke_panic_handler = true, \ - .lock_feature = true, \ - .split_addr = NULL, \ - .mem_type_mask = MEMPROT_TYPE_ALL \ -} - -/** - * @brief Converts Memory protection type to string - * - * @param mem_type Memory protection type - */ -static inline const char *esp_mprot_mem_type_to_str(const esp_mprot_mem_t mem_type) -{ - switch (mem_type) { - case MEMPROT_TYPE_NONE: - return "NONE"; - case MEMPROT_TYPE_IRAM0_SRAM: - return "IRAM0_SRAM"; - case MEMPROT_TYPE_DRAM0_SRAM: - return "DRAM0_SRAM"; - case MEMPROT_TYPE_IRAM0_RTCFAST: - return "IRAM0_RTCFAST"; - case MEMPROT_TYPE_IRAM0_ANY: - return "IRAM0_ANY"; - case MEMPROT_TYPE_ALL: - return "ALL"; - default: - return "INVALID"; - } -} - -/** - * @brief Converts Splitting address type to string - * - * @param line_type Split line type - */ -static inline const char *esp_mprot_split_addr_to_str(const esp_mprot_split_addr_t line_type) -{ - switch (line_type) { - case MEMPROT_SPLIT_ADDR_NONE: - return "SPLIT_ADDR_NONE"; - case MEMPROT_SPLIT_ADDR_IRAM0_DRAM0: - return "SPLIT_ADDR_IRAM0_DRAM0"; - case MEMPROT_SPLIT_ADDR_IRAM0_LINE_0: - return "SPLIT_ADDR_IRAM0_LINE_0"; - case MEMPROT_SPLIT_ADDR_IRAM0_LINE_1: - return "SPLIT_ADDR_IRAM0_LINE_1"; - case MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_0: - return "SPLIT_ADDR_DRAM0_DMA_LINE_0"; - case MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_1: - return "SPLIT_ADDR_DRAM0_DMA_LINE_1"; - case MEMPROT_SPLIT_ADDR_ALL: - return "SPLIT_ADDR_ALL"; - default: - return "SPLIT_ADDR_INVALID"; - } -} - -/** - * @brief Converts PMS Area type to string - * - * @param area_type PMS Area type - */ -static inline const char *esp_mprot_pms_area_to_str(const esp_mprot_pms_area_t area_type) -{ - switch (area_type) { - case MEMPROT_PMS_AREA_NONE: - return "PMS_AREA_NONE"; - case MEMPROT_PMS_AREA_IRAM0_0: - return "PMS_AREA_IRAM0_0"; - case MEMPROT_PMS_AREA_IRAM0_1: - return "PMS_AREA_IRAM0_1"; - case MEMPROT_PMS_AREA_IRAM0_2: - return "PMS_AREA_IRAM0_2"; - case MEMPROT_PMS_AREA_IRAM0_3: - return "PMS_AREA_IRAM0_3"; - case MEMPROT_PMS_AREA_DRAM0_0: - return "PMS_AREA_DRAM0_0"; - case MEMPROT_PMS_AREA_DRAM0_1: - return "PMS_AREA_DRAM0_1"; - case MEMPROT_PMS_AREA_DRAM0_2: - return "PMS_AREA_DRAM0_2"; - case MEMPROT_PMS_AREA_DRAM0_3: - return "PMS_AREA_DRAM0_3"; - case MEMPROT_PMS_AREA_IRAM0_RTCFAST_LO: - return "PMS_AREA_IRAM0_RTCFAST_LO"; - case MEMPROT_PMS_AREA_IRAM0_RTCFAST_HI: - return "PMS_AREA_IRAM0_RTCFAST_HI"; - case MEMPROT_PMS_AREA_ALL: - return "PMS_AREA_ALL"; - default: - return "PMS_AREA_INVALID"; - } -} - -#ifdef __cplusplus -} -#endif diff --git a/components/esp_hw_support/include/soc/esp32h2/soc_memprot_types.h b/components/esp_hw_support/include/soc/esp32h2/soc_memprot_types.h deleted file mode 100644 index 885fb1ce82..0000000000 --- a/components/esp_hw_support/include/soc/esp32h2/soc_memprot_types.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -////////////////////////////////////////////////////////// -// ESP32-H2 PMS memory protection types -// - -#pragma once - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -// ESP32H2-TODO: IDF-6332 - -#ifdef __cplusplus -} -#endif diff --git a/components/soc/esp32c6/include/soc/soc_caps.h b/components/soc/esp32c6/include/soc/soc_caps.h index ef0d583a8c..6f12018405 100644 --- a/components/soc/esp32c6/include/soc/soc_caps.h +++ b/components/soc/esp32c6/include/soc/soc_caps.h @@ -416,9 +416,6 @@ #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 -/*-------------------------- MEMPROT CAPS ------------------------------------*/ - - /*-------------------------- UART CAPS ---------------------------------------*/ // ESP32-C6 has 2 UARTs #define SOC_UART_NUM (2) diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index b565f90969..fb80504c82 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -991,14 +991,6 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128 bool default y -config SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE - int - default 16 - -config SOC_MEMPROT_MEM_ALIGN_SIZE - int - default 512 - config SOC_UART_NUM int default 2 diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index deefa9d2a6..089f266636 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -234,7 +234,6 @@ #define SOC_LEDC_GAMMA_CURVE_FADE_RANGE_MAX (16) #define SOC_LEDC_FADE_PARAMS_BIT_WIDTH (10) -// TODO: IDF-6332 (Copy from esp32c6, need check) /*-------------------------- MPU CAPS ----------------------------------------*/ #define SOC_MPU_CONFIGURABLE_REGIONS_SUPPORTED 0 #define SOC_MPU_MIN_REGION_SIZE 0x20000000U @@ -418,11 +417,6 @@ #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 -// TODO: IDF-6332 (Copy from esp32c6, need check) -/*-------------------------- MEMPROT CAPS ------------------------------------*/ -#define SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE 16 -#define SOC_MEMPROT_MEM_ALIGN_SIZE 512 - /*-------------------------- UART CAPS ---------------------------------------*/ // ESP32-H2 has 2 UARTs #define SOC_UART_NUM (2) From 233d8e1a332319a016a94bf461c8708d224a6bfc Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Wed, 15 Mar 2023 12:53:32 +0530 Subject: [PATCH 4/4] esp32c6: Ensure that previous PMP entry is correctly set for TOR case --- .../esp_hw_support/port/esp32c6/cpu_region_protect.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c index b44d6422db..68ee9f5f29 100644 --- a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c @@ -179,11 +179,12 @@ void esp_cpu_configure_region_protection(void) #if CONFIG_ULP_COPROC_RESERVE_MEM // First part of LP mem is reserved for coprocessor PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW + CONFIG_ULP_COPROC_RESERVE_MEM, PMP_TOR | RW); +#else // CONFIG_ULP_COPROC_RESERVE_MEM + // Repeat same previous entry, to ensure next entry has correct base address (TOR) + PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE); +#endif // !CONFIG_ULP_COPROC_RESERVE_MEM PMP_ENTRY_SET(12, (int)&_rtc_text_end, PMP_TOR | RX); PMP_ENTRY_SET(13, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); -#endif //CONFIG_ULP_COPROC_RESERVE_MEM - PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX); - PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); #else const uint32_t pmpaddr10 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); PMP_ENTRY_SET(10, pmpaddr10, PMP_NAPOT | CONDITIONAL_RWX);